Issue #3191389 by anmolgoyal74, greggles, larowlan, mcdruid, pwolanin, brayfe: File Inclusion issue security hardening

author: Alex Pott <alex.a.pott@googlemail.com> 2023-01-20 14:18:55 +0000
committer: Alex Pott <alex.a.pott@googlemail.com> 2023-01-20 14:18:55 +0000
commit: 86bced910a28ccf21e7958c9166856ad6f09aa0d (patch)
tree: bb882314e7fe9b7981f26ed1e064994b77896809 /.ht.router.php
parent: de66aa933417b8b5ee6598ad515af55f8df9eae4 (diff)
download: drupal-86bced910a28ccf21e7958c9166856ad6f09aa0d.tar.gz
drupal-86bced910a28ccf21e7958c9166856ad6f09aa0d.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/.ht.router.php b/.ht.router.php
index 054f7119b0e..2c8a6f6ac35 100644
--- a/.ht.router.php
+++ b/.ht.router.php
@@ -24,6 +24,12 @@
  * @see http://php.net/manual/en/features.commandline.webserver.php
  */
 
+if (PHP_SAPI !== 'cli-server') {
+  // Bail out if this is not PHP's Development Server.
+  header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+  exit;
+}
+
 $url = parse_url($_SERVER['REQUEST_URI']);
 if (file_exists(__DIR__ . $url['path'])) {
   // Serve the requested resource as-is.
author	Alex Pott <alex.a.pott@googlemail.com>	2023-01-20 14:18:55 +0000
committer	Alex Pott <alex.a.pott@googlemail.com>	2023-01-20 14:18:55 +0000
commit	86bced910a28ccf21e7958c9166856ad6f09aa0d (patch)
tree	bb882314e7fe9b7981f26ed1e064994b77896809 /.ht.router.php
parent	de66aa933417b8b5ee6598ad515af55f8df9eae4 (diff)
download	drupal-86bced910a28ccf21e7958c9166856ad6f09aa0d.tar.gz drupal-86bced910a28ccf21e7958c9166856ad6f09aa0d.zip